April 5, 2021
Cryptocurrencies are popular among legitimate users and threat actors. For legitimate users, it’s an easy and secure payment method without bank or credit card fees. For SMEs, it has the additional benefit that payments accepted in cryptocurrencies are permanent and irreversible. Customers have to contact the company directly for a refund instead of canceling, for example, a credit card payment. People also invest in cryptocurrencies expecting their wallets to increase in value.
Threat actors, on the other hand, use cryptocurrencies to finance their illicit networks and operations in areas such as money laundering, human trafficking, and terrorism. Cryptocurrencies are the preferred currency on dark websites for buying and selling weapons, drugs, and hacker toolkits, and for ransom payments. Due to their blockchain technology, cryptocurrency transactions are hard for law enforcement agencies to trace.
This anonymity has also made cryptocurrency wallets and stock exchanges highly profitable targets for hackers with an extremely low chance of being caught. While cryptocurrencies themselves are very secure, exchanges are less so, making them a prime target for malicious actors. To illustrate, the South Korean exchange was the victim of a massive breach in 2019 when hackers made off with 342,000 ETH (valued at $51 million at the time of the hack). Rogue governments also use state-sponsored hackers and hacker groups to target cryptocurrency markets and exchanges for theft, fraud, and sponsoring terrorist attacks.
Affected legitimate owners of breached crypto wallets might be left without any recourse since the exchange or operators of the cryptocurrency in question might not have enough reserves (in contrast to traditional financial institutions) to compensate the victims.
For law enforcement, investigating these types of crimes is complicated. They need to access the dark web, using a darknet search engine, to follow the digital footprint of the suspected threat actors. By visiting dark web websites, platforms, and message boards, they are able to follow the cryptocurrency money trail that will point to suspicious persons or groups. For instance, by looking for cryptocurrency address/type endpoints, they will get insight into a particular cryptocurrency that was used in certain illicit transactions.
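The address/type lookup described above can be sketched as follows. This is an added example, not code from the original article or from any vendor platform: it pulls candidate addresses out of collected text, labels the cryptocurrency type, and uses the Base58Check checksum to discard look-alike strings. The regexes, function names, and sample text are assumptions; only legacy Bitcoin addresses are checksum-verified, and Ethereum matches are format-only.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy P2PKH/P2SH shape
ETH_RE = re.compile(r"\b0x[0-9a-fA-F]{40}\b")                # 20-byte hex account

def _checksum(payload):
    # Base58Check checksum: first 4 bytes of double SHA-256
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    """Helper used only to build the constructed sample address."""
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def btc_checksum_ok(addr):
    """True if addr decodes to 25 bytes with a known version and valid checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw
    return len(raw) == 25 and raw[0] in (0x00, 0x05) and _checksum(raw[:-4]) == raw[-4:]

def find_addresses(text):
    """Return (type, address, checksum_ok) tuples; checksum_ok is None if unchecked."""
    hits = [("BTC-legacy", m.group(), btc_checksum_ok(m.group()))
            for m in BTC_RE.finditer(text)]
    hits += [("ETH", m.group(), None) for m in ETH_RE.finditer(text)]
    return hits

if __name__ == "__main__":
    # Constructed sample data: addresses are generated here, not real wallets.
    good = b58check_encode(b"\x00" + bytes(range(1, 21)))
    typo = good[:-1] + ("2" if good[-1] != "2" else "3")  # one character altered
    sample = f"payment to {good} (old: {typo}), eth 0x{'ab' * 20}"
    for hit in find_addresses(sample):
        print(hit)
```

Matches whose checksum fails are worth keeping in the case notes as possible typos or deliberate obfuscation rather than silently dropping them.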
However, when investigators access and explore the dark web themselves, they also become vulnerable to the scrutiny of threat actors related to their investigations. In order to conduct their dark web investigations safely but effectively, they need to use an open-source intelligence tool that enables them to detect, collect and analyze OSINT data from the surface, deep, and dark web to get the full picture. In other words, a tool that will help them with their digital forensics. Such OSINT tools are able to capture and analyze OSINT data, including cataloging and indexing metadata, to maintain evidence-based information.
It should be pointed out that using open-source intelligence is crucial for detecting or investigating illegal activities since it is based on the collection and processing of information and data that are freely available. Vast amounts of valuable data from a wide range of sources can be used for the investigation while complying with statutory data protection and privacy rules and regulations.
A tool, such as the AI-powered WEBINT platform of Cobwebs, allows investigators to monitor the dark web based on specific search terms or phrases without the need to access the dark web, using a dark web browser, themselves. It eliminates the need for them to personally explore the dark web by accessing dark web websites, forums, and social networks, which could expose them and their agency to repercussions of criminal elements. The platform uses AI-based dark web monitoring technology to connect the dots in a visual graph and gives actionable insights in the form of automated reports that can be used for follow-up.